{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-30937", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-07T16:40:05.885Z", "datePublished": "2026-03-09T21:50:15.495Z", "dateUpdated": "2026-03-10T14:34:52.599Z"}, "containers": {"cna": {"title": "ImageMagick has a heap buffer overflow in WriteXWDImage due to CARD32 arithmetic overflow in bytes_per_line calculation", "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "lang": "en", "description": "CWE-122: Heap-based Buffer Overflow", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-190", "lang": "en", "description": "CWE-190: Integer Overflow or Wraparound", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpg4-j99f-8xcg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpg4-j99f-8xcg"}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"version": ">= 7.0.0, < 7.1.2-16", "status": "affected"}, {"version": "< 6.9.13-41", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-09T21:50:15.495Z"}, "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of bounds heap write can occur. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41."}], "source": {"advisory": "GHSA-qpg4-j99f-8xcg", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-10T14:34:45.797676Z", "id": "CVE-2026-30937", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T14:34:52.599Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-30937", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-10T14:34:45.797676Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T14:34:48.846Z"}}], "cna": {"title": "ImageMagick has a heap buffer overflow in WriteXWDImage due to CARD32 arithmetic overflow in bytes_per_line calculation", "source": {"advisory": "GHSA-qpg4-j99f-8xcg", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"status": "affected", "version": ">= 7.0.0, < 7.1.2-16"}, {"status": "affected", "version": "< 6.9.13-41"}]}], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpg4-j99f-8xcg", "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpg4-j99f-8xcg", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of bounds heap write can occur. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-09T21:50:15.495Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30937", "state": "PUBLISHED", "dateUpdated": "2026-03-10T14:34:52.599Z", "dateReserved": "2026-03-07T16:40:05.885Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-09T21:50:15.495Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFFB7C48-4211-4215-9C0B-D285B8E09CF1", "versionEndExcluding": "6.9.13-41", "vulnerable": true}, {"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "865783BD-5A33-4D05-AF99-E6EFE76414D1", "versionEndExcluding": "7.1.2-16", "versionStartIncluding": "7.0.0-0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of bounds heap write can occur. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41."}, {"lang": "es", "value": "ImageMagick es un software libre y de c\u00f3digo abierto utilizado para editar y manipular im\u00e1genes digitales. Antes de las versiones 7.1.2-16 y 6.9.13-41, un desbordamiento de entero sin signo de 32 bits en el codificador XWD (X Windows) puede causar una asignaci\u00f3n de b\u00fafer de pila de tama\u00f1o insuficiente. Al escribir una imagen extremadamente grande, puede ocurrir una escritura de pila fuera de l\u00edmites. Esta vulnerabilidad est\u00e1 corregida en 7.1.2-16 y 6.9.13-41."}], "id": "CVE-2026-30937", "lastModified": "2026-03-18T18:18:18.640", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-10T07:44:57.840", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpg4-j99f-8xcg"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}, {"lang": "en", "value": "CWE-190"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "ImageMagick: ImageMagick: Denial of Service via integer overflow in XWD encoder", "id": "2445882", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445882"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "status": "draft"}, "cwe": "CWE-190", "details": ["A flaw was found in ImageMagick, a software suite for editing and manipulating digital images. An integer overflow vulnerability exists in the XWD (X Windows) encoder when processing extremely large images. This flaw can lead to an undersized memory allocation, resulting in an out-of-bounds write to the heap. A local attacker could exploit this to cause a denial of service (DoS) or potentially impact data integrity."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, restrict ImageMagick's processing of untrusted or excessively large XWD image files. Implement input validation to ensure that image dimensions and sizes are within expected operational limits before processing them with ImageMagick."}, "name": "CVE-2026-30937", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2026-03-09T21:50:15Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-30937\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-30937\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpg4-j99f-8xcg"], "statement": "A MODERATE impact heap buffer overflow exists in ImageMagick's XWD encoder, `WriteXWDImage`. This flaw occurs when processing extremely large images, leading to an undersized heap buffer allocation and a potential out-of-bounds write. Red Hat products shipping ImageMagick are affected if configured to generate or convert excessively large images into the XWD format.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.0.0,7.1.2-16)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.9.13-41)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ImageMagick", "source": "cna", "vendor": "ImageMagick"}, "product": "imagemagick", "vendor": "imagemagick"}], "analysis": {"en": {"generated_at": "2026-04-17T11:49:13.354666+00:00", "value": {"mitigation_remediation": ["Upgrade ImageMagick to version\u00a07.1.2\u201116 or later, or to\u00a06.9.13\u201141 or later.", "If an upgrade is not feasible, disable or remove the XWD encoder from the ImageMagick installation where possible.", "Implement size checks or enforce a maximum image dimension before passing an image to ImageMagick to prevent exceedingly large files from reaching the encoder."], "summary": {"action": "Apply patch", "impact": "Memory corruption that can enable arbitrary code execution"}, "threat_synthesis": {"affected_systems": "All ImageMagick releases older than 7.1.2\u201116 and 6.9.13\u201141 built with the XWD encoder are affected, regardless of platform.", "description_and_impact": "ImageMagick processes images for the XWD format using a bytes per line calculation that overflows a 32\u2011bit unsigned integer. The overflow reduces the heap allocation size and allows an out\u2011of\u2011bounds write when a very large image is handled, creating a heap buffer overflow (CWE\u2011122) that can corrupt memory or, due to the unsigned arithmetic error, potentially allow arbitrary code execution (CWE\u2011190).", "risk_and_exploitability": "With a CVSS score of 6.8 the vulnerability is of moderate severity, and the EPSS score of less than 1% indicates a low probability of broad exploitation at the moment. The vulnerability is not listed in the CISA KEV catalog. The most likely attack scenario involves an adversary supplying a specially crafted, extremely large image file to an application that uses ImageMagick, triggering the heap overflow and potentially giving the attacker code execution or causing a crash. No documented network\u2011only vector exists, so the attacker must be able to deliver the malicious image data to the vulnerable program."}}}}, "created": "2026-03-10T14:06:41.870522+00:00", "updated": "2026-04-17T12:00:11.743694+00:00", "vendors": ["imagemagick", "imagemagick$PRODUCT$imagemagick"]}